Device Became Inactive

A device that has not communicated recently and is now defined by iSID as inactive. The time frame without communication after which a device is considered inactive can be defined in iSID.

Categories:

ID Number

9000005

Signature

-

MITRE ATT&CK Technique

-

Severity

medium

Recommendations/Investigative actions

Identify the asset, call the POC (Point of Contact) at the site, and ask whether some kind of activity was performed or whether they are aware of a network bug. In addition, look for relevant cyber attack rules at the same time; it can be an attempt by the attacker to create a C&C station in the network.